Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Oracle
  3. Oracle Cloud Infrastructure
  4. 1z0-1104-22 - Oracle Cloud Infrastructure 2022 Security Professional

Oracle 1z0-1104-22 Oracle Cloud Infrastructure 2022 Security Professional Exam Practice Test

Demo: 13 questions
Total 92 questions
Get 1z0-1104-22 Full Access Download 1z0-1104-22 PDF

Oracle Cloud Infrastructure 2022 Security Professional Questions and Answers

Question 1

You want to include all instances in any of two or morecompartments, which syntax should you use for dynamic policy you want to create for "Prod" compartment and "SIT" compartment?

Prod OCID : ‘JON.Prod’

SIT OCID : 'JON.SIT’

Options:

A.

Any { instance in compartment ‘Prod’ and Compartment 'SIT' }

B.

Any { instance.compartment.id = 'JON.Prod’, instance.compartment.id = 'JON.SIT'

C.

All { instance.compartment.id = 'JON.Prod’, instance.compartment.id = 'JON.SIT'

D.

All { instance in compartment 'Prod' and Compartment 'SIT' }

Question 2

A member of operations team has set Pre-Authenticated Request (PAR) associated with a bucket to an incorrect date and now wants to edit the PARrequest. How can this be achieved?

Options:

A.

Don't set an expiration time for PAR

B.

Delete the bucket associated with PAR and recreate it

C.

Delete the PAR and recreate it with the required date

D.

Delete both PAR as well as the bucket then recreate both

Question 3

As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?

Options:

A.

Create an 1AM policy and create WAF rules

B.

Create an 1AM policy and add a network source

C.

Make OCI resources private instead of public

D.

Create PAR to restrict access the access

Question 4

With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.

Options:

A.

Any port scanning must be performed in an aggressive mode

B.

Physical penetration and vulnerability testing of Oraclefacilities is prohibited

C.

Testing should target any other subscription or any other Oracle Cloud customer resources

D.

You are responsible for any damages to Oracle Cloud customers that are caused by your testing activities

Question 5

Which Oracle Cloud Service provides restricted accessto target resources?

Options:

A.

Bastion

B.

Internet Gateway

C.

Load balancer

D.

SSL certificate

Question 6

Which securityissues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers

Options:

A.

Distributed Denial of Service (DDoS)

B.

Ports that are unintentionally left open can be a potential attack vector for cloud resources

C.

SQL Injection

D.

CISpublished Industry-standard benchmarks

Question 7

which three resources are required to encrypt a block volume with the customer managed key?

Options:

A.

MAXIMUM SECURITY ZONE

B.

SYMMETRIC MASTER KEY ENCRYPTlON KEY

C.

BLOCK KEY

D.

OCI VAIRT

E.

IAM Policy Allowing Block Storage to Use Keys

F.

Secrets

Question 8

Which VCNconfiguration is CORRECT with regard to VCN peering within a same region ?

Options:

A.

12.0.0.0/16 and 194.168.0.0/16

B.

12.0.0.0/16 and 12.0.0.0/16

C 194.168.0.0/24 and 194.168.0.0/24

C.

194.168.0.0/24 and 194.168.0.0/16

Question 9

Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?

Options:

A.

CAPTCHA challenge

B.

JavaScript challenge

C.

Device fingerprint challenge

D.

Human interaction challenge

Question 10

An e-commerce company needs to authenticate with third-party API that don't support

OCI's signature-based authentication.

What can be the solution for the above scenario?

Options:

A.

Security Token

B.

API Key Authentication

C.

Asymmetric keys

D.

Auth Token/Swift Password

Question 11

Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers

Options:

A.

Block volume canbe moved from a security zone to a standard compartment

B.

Bucket can't be moved from a security zone to a standard compartment

C.

Resources in a security zone must be accessible from internet

D.

Resources in a security zone must be encrypted using customer-managed keys

Question 12

Where is sensitive configuration data (like certificates, and credentials) is stored by Kubernetes cluster control plane?

Options:

A.

Block Volume

B.

ETCD

C.

Oracle Functions

D.

Boot Volume

Question 13

What information do youget by using the Network Visualizer tool?

Options:

A.

State of subnets in a VCN

B.

Interconnectivity of VCNs

C.

Routes defined between subnets and gateways

D.

Organization of subnets and VLANs across availability domains

Load More 1z0-1104-22 Questions
Demo: 13 questions
Total 92 questions
Get 1z0-1104-22 Full Access Download 1z0-1104-22 PDF